PBF policy not working.


Hi,

I have packets that arrive on interface eth1/10 that I need to be forwarded back out of eth1/10 with a next hop address of another router on that subnet. I have created a PBF rule that I hope would achieve this; however, it is currently not working. It looks like the following:

==========================================================

Interface eth1/10 IP : 3.3.3.1

Interface eth1/10 Zone : dummy-zone1

Source Zone : dummy-zone1

Source Address : any

User : any

Destination Address : [*NEGATE* : 1.1.1.1] (so I would like the pbr rule to apply to all traffic that does not match the configured address, i.e. 2.2.2.2)

Application : any

Service : any

Action : forward

Forwarding Egress I/F : eth1/10

Next Hop : 3.3.3.2

No Monitoring

==========================================================

Unfortunately, I am not currently familiar enough with PA to run any extensive debugging. Also, is it possible to apply a pbr policy with an egress interface being the same as the source interface?

I have substituted the real IP addressing with dummy addressing in the example above.

Any comments or suggestions would be appreciated, this is my first post so be gentle :-)

Regards,

James.

L4 Transporter

Re: PBF policy not working.

There is no way to specify traffic that came in on Eth1/10 needs to go out on Eth1/10. PBF is based on zones, IPs, App and Service. If the traffic on Eth1/10 all comes from a small set of networks, you can just add static routes to direct traffic back out the same interface.

PBF is used to defeat or override the routing table. If this is a 2 ISP scenario and traffic that comes in from ISP1 interface should go out the ISP1 interface, you might try using NAT to manipulate the source IP, but this gets complicated quickly. You probably need to test this and open a support call if you get stuck.

Steve Krall
